WebAssembly Script Injection Vulnerability in Google Chrome
CVE-2017-15429

6.1MEDIUM

Key Information:

Vendor: Google
Status: Google Chrome Prior To 63.0.3239.108 Unknown
Vendor: CVE Published:; 28 August 2018

🔔 Create Google Vulnerability Alert

What is CVE-2017-15429?

An inappropriate implementation in the V8 WebAssembly JavaScript bindings of Google Chrome allowed attackers to inject arbitrary scripts or HTML through a specially crafted HTML page. This could lead to significant security risks as it enables unauthorized script execution in the context of a user’s session, potentially compromising sensitive information or user interactions.

Affected Version(s)

Google Chrome prior to 63.0.3239.108 unknown Google Chrome prior to 63.0.3239.108 unknown

References

https://crbug.com/788453

x_refsource_MISC

https://access.redhat.com/errata/RHSA-2017:3479

vendor-advisoryx_refsource_REDHAT

http://www.securityfocus.com/bid/102196

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2018
Vulnerability Reserved
Oct 17, 2017

.

CVE-2017-15429 : WebAssembly Script Injection Vulnerability in Google Chrome